Backdoor:Win32/Rbot!2FA0

Detected by Microsoft Defender Antivirus

Aliases: Win32/Rbot.BEA (CA) Backdoor.Win32.Rbot.aeu (Kaspersky) Backdoor:Win32/Rbot.BH (Microsoft) W32/Spybot.BSC (Norman) W32/Rbot-Gen (Sophos) W32.Spybot.Worm (Symantec) WORM_SPYBOT.GEN (Trend Micro)

Summary

Backdoor:Win32/Rbot!2FA0 is a backdoor Trojan that connects to an IRC server to receive commands from remote attackers. Commands could include instructions to spread to other computers via open network shares or by exploit of a security vulnerability, or to launch a denial of service (DoS) attack against specified targets.

Backdoor:Win32/Rbot!2FA0 may be detected as Backdoor:Win32/Rbot.BH.

Backdoor:Win32/Rbot!2FA0 may download and install additional malicious software, thus manual removal is not recommended. To detect and remove this Trojan and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, visit http://www.microsoft.com/athome/security/downloads/default.mspx

Backdoor:Win32/Rbot!2FA0

Summary

What to do now

Technical information

Threat behavior

Prevention

Enable a firewall on your computer

Get the latest computer updates

Use up-to-date antivirus software

Use caution with attachments and file transfers

Symptoms